CN109858288B - Method and device for realizing safety isolation of virtual machine - Google Patents


Publication number
CN109858288B
Authority
CN
China
Prior art keywords
virtual machine
address space
isolation
execution environment
isolated
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811600201.XA
Other languages
Chinese (zh)
Other versions
CN109858288A (en)
Inventor
涂碧波
刘文清
张坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Information Engineering of CAS
Priority to CN201811600201.XA
Publication of CN109858288A
Application granted
Publication of CN109858288B
Current legal status: Active
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a method and a device for realizing security isolation of a virtual machine. The method comprises the following steps: establishing a securely isolated execution environment in the virtualization layer by adopting a same-layer address space isolation mechanism; using the securely isolated execution environment and a dynamic memory marking and tracking strategy to isolate the memory of the target virtual machine from the untrusted virtualized execution environment and to isolate the target virtual machine and the remaining virtual machines from each other; and monitoring, in the securely isolated execution environment, the context switching and the address mapping of the target virtual machine by means of VMCS and extended page table structure hiding and a virtual machine exit redirection strategy. By adopting the same-layer address space isolation mechanism to apply high-strength memory isolation to virtual machines in an untrusted virtualized execution environment, the embodiment keeps the performance overhead of the system under control, isolates the memory of the virtual machine comprehensively and improves the security of the system.

Description

Method and device for realizing safety isolation of virtual machine
Technical Field
The embodiment of the invention relates to the technical field of computer operating systems and virtualization, in particular to a method and a device for realizing safety isolation of a virtual machine.
Background
Cloud computing uses virtualization to provide resources to upper-layer tenants. Because resource isolation between tenants is weak, leakage of sensitive tenant data is a severe problem, and data security has become a global concern. Research on the security of virtual machines in an untrusted virtualized execution environment therefore has important theoretical significance and practical application value.
A virtual machine monitor (hypervisor) sits at the bottom layer, allocates and manages physical resources for the virtual machines above it, and is granted the highest privilege. When an attacker compromises the virtual machine monitor, the entire cloud computing infrastructure is likely to be compromised, along with the security of tenant data. In addition, the tenants and the virtual machine monitor share the underlying physical resources, so an attacker can use cross-domain attacks and virtual machine escape attacks against other virtual machines on the same physical server and expose their sensitive data.
Existing methods for protecting sensitive virtual machine data in an untrusted virtualized execution environment on the x86 platform suffer from high run-time performance overhead, complex implementation, poor portability, extensive modification of the original system, and similar problems. In addition, SGX, the current hardware extension on the x86 platform, provides isolation protection only for applications, cannot provide memory protection for an entire virtual machine, and is complex to adopt.
Disclosure of Invention
In order to overcome the above problems, or at least partially solve them, embodiments of the present invention provide a method and an apparatus for implementing security isolation of a virtual machine that keep system performance overhead under control, comprehensively isolate the memory of the virtual machine, and improve system security.
In a first aspect, an embodiment of the present invention provides a method for implementing security isolation of a virtual machine, including:
establishing a safe isolated execution environment in a virtualization layer by adopting a same-layer address space isolation mechanism;
isolating the memory of the target virtual machine from the non-trusted virtualization execution environment by using the safely isolated execution environment and adopting a dynamic memory marking and tracking strategy, and realizing the mutual isolation between the target virtual machine and the rest virtual machines;
and monitoring context switching of the target virtual machine and address mapping of the target virtual machine in the security isolated execution environment by utilizing a VMCS structural body, an extended page table key data structure hiding strategy and a virtual machine exit redirection strategy.
In a second aspect, an embodiment of the present invention provides an apparatus for implementing security isolation of a virtual machine, including:
the address space isolation module is used for establishing a safe isolated execution environment in the virtualization layer by adopting a same-layer address space isolation mechanism;
the virtual machine isolation module is used for isolating the memory of the target virtual machine from an untrusted virtualization execution environment by utilizing the safely isolated execution environment and adopting a memory dynamic marking and tracking strategy, and realizing the mutual isolation between the target virtual machine and the other virtual machines;
and the virtual machine monitoring module is used for monitoring context security switching of the target virtual machine and address mapping of the target virtual machine in the security isolated execution environment by utilizing a VMCS structural body, an extended page table key data structure hiding strategy and a virtual machine exit redirection strategy.
In a third aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform the method for implementing virtual machine security isolation as described in the first aspect.
The method and the device for realizing security isolation of a virtual machine adopt a same-layer address space isolation mechanism to apply high-strength memory isolation to virtual machines in an untrusted virtualized execution environment, which keeps the performance overhead of the system under control, comprehensively isolates the memory of the virtual machine, and improves the security of the system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a method for implementing virtual machine security isolation according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of creating an isolated address space in a method for implementing virtual machine security isolation according to an embodiment of the present invention;
Fig. 3 is a schematic diagram illustrating a page table access control implementation process in the method for implementing virtual machine security isolation according to the embodiment of the present invention;
Fig. 4 is a schematic flowchart illustrating page table multi-mapping protection in a method for implementing virtual machine security isolation according to an embodiment of the present invention;
Fig. 5 is a schematic flowchart of page table remapping protection in the method for implementing virtual machine security isolation according to the embodiment of the present invention;
Fig. 6 is a schematic flowchart of a redirection process of exit from a virtual machine in the method for implementing security isolation of a virtual machine according to the embodiment of the present invention;
Fig. 7 is a flowchart illustrating a method for implementing virtual machine security isolation according to another embodiment of the present invention;
Fig. 8 is a schematic structural diagram of an apparatus for implementing virtual machine security isolation according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments of the present invention without any creative efforts belong to the protection scope of the embodiments of the present invention.
The existing method for solving the safety problem of the virtual machine sensitive data in the x86 platform non-trusted virtualized execution environment has the problems of high performance overhead of system operation, complex implementation, poor portability, great improvement on an original system and the like. Aiming at the problem, the embodiment of the invention adopts a same-layer address space isolation mechanism to carry out high-strength memory isolation on the virtual machine in the non-trusted virtualized execution environment, so that the performance overhead of the system can be effectively ensured, the memory of the virtual machine is comprehensively isolated, and the safety of the system is improved. Embodiments of the present invention will be described and illustrated with reference to various embodiments.
Fig. 1 is a schematic flowchart of a method for implementing virtual machine security isolation according to an embodiment of the present invention, as shown in fig. 1, the method includes:
S101, a securely isolated execution environment is established in the virtualization layer by adopting a same-layer address space isolation mechanism.
To address both the security and the performance of the isolated execution environment, the embodiment of the invention creates a securely isolated address space at the same privilege level as the virtual machine monitor, that is, a same-layer address space isolation mechanism. This reduces the performance overhead of environment switching, and the environment can resist DMA attacks that damage the system from outside as well as control flow hijacking attacks.
Specifically, the embodiment of the present invention creates a securely isolated execution environment in the virtualization layer. It provides the execution environment for virtual machine isolation and virtual machine monitoring, so that critical events are processed and critical data structures are accessed inside it. Switching into this environment adds relatively little performance overhead to the system, and a certain level of security of the isolated environment can be ensured.
S102, by utilizing the security isolation execution environment and adopting a dynamic memory marking and tracking strategy, isolating the memory of the target virtual machine from the non-credible virtualization execution environment and realizing mutual isolation between the target virtual machine and the rest virtual machines.
To solve the security problem of virtual machine memory isolation, the embodiment of the invention adopts a dynamic memory marking and tracking method and a physical memory multiple-mapping protection method to achieve high-strength isolation of the physical memory of the virtual machine. That is, the virtual machine is isolated from the untrusted virtualized execution environment, meaning the untrusted virtual machine monitor and the remaining virtual machines, so that an untrusted virtual machine or the virtual machine monitor cannot maliciously access user sensitive data on the virtual machine.
S103, monitoring context switching of the target virtual machine and address mapping of the target virtual machine in a security isolated execution environment by using a VMCS structural body, an extended page table key data structure hiding strategy and a virtual machine exit redirection strategy.
To solve the problem of monitoring the critical data of a virtual machine, the embodiment of the invention uses a method of hiding the VMCS structure and the extended page table structure, and monitors the context switching between the virtual machine and the host and the virtual machine address mapping process inside the securely isolated execution environment. This resists control flow attacks, prevents multiple mapping of a physical memory page and avoids leakage of user sensitive data. Specifically, the embodiment of the invention monitors the secure context switching process of the virtual machine and completes the context switch inside the securely isolated execution environment, which prevents critical system information from being maliciously accessed.
The method for realizing security isolation of a virtual machine provided by the embodiment of the invention adopts a same-layer address space isolation mechanism to apply high-strength memory isolation to virtual machines in an untrusted virtualized execution environment, which keeps the performance overhead of the system under control, comprehensively isolates the memory of the virtual machine and improves the security of the system.
Optionally, according to the foregoing embodiments, the step of creating a securely isolated execution environment in the virtualization layer by using a same-layer address space isolation mechanism specifically includes: establishing, by the same-layer address space isolation mechanism, an isolated space framework that runs at the same privilege level as the virtualization layer, to obtain an isolated address space; creating a secure switching gate that switches between the securely isolated execution environment and the original virtualized execution environment when a monitored event occurs in the original address space, and hiding the entry address of the isolated address space so that the security of the switching gate is not broken; and, when the virtualization layer is no longer trusted, protecting the isolated address space so that its security is not breached.
The process of creating the security isolated execution environment according to the embodiment of the present invention can be generally divided into three parts, namely, creation of an isolated address space, creation of a security switching gate, and security protection of the isolated address space.
Creating the isolated address space means using same-layer address space isolation to create an isolated space framework that runs at the same privilege level as the virtualization layer, so that when the virtualization layer is no longer trusted, the programs inside the isolated address space can still run safely and are not affected by malicious attacks. The additional address space is implemented primarily by creating another set of system page tables, A, with a portion of the physical address space mapped only in the A page tables. Fig. 2 is a schematic flowchart of creating an isolated address space in a method for implementing virtual machine security isolation according to an embodiment of the present invention; the process includes:
S201, starting the system securely; the system needs to be started on the basis of secure hardware;
S202, establishing the page table: starting to create the page table and allocating the memory space that the page table uses;
S203, designing pgd, pud, pmd and pte in detail according to the structure of a page table;
S204, saving the entry address of the newly designed page table so that other modules can call it.
Secure switching means that when a monitored event occurs in the original address space, a switch is made between the isolated execution environment and the original virtualized execution environment with a guaranteed level of security: the switching process is complete and atomic, and the entry address of the isolated address space is not leaked. The monitored events comprise the page table update function (do_page_fault), write_cr3, set_pt, set_pmd, set_pud, set_pgd, set_cr0 and set_cr4; these functions mainly relate to the MMU, SMEP and DEP mechanisms. The secure switching gate may be implemented as the following sequence: saving the context, turning off interrupts, setting the CR3 register (which then holds the entry address of the isolated space), flushing the TLB, turning off interrupts, executing the monitored event, flushing the TLB, setting the CR3 register (back to the entry address of the original space), turning on interrupts, and restoring the context.
Security protection of the isolated address space means protecting the isolated address space once it has been created: when the virtualization layer is no longer trusted, the space must remain secure so that the processes executing in it remain secure.
Optionally, according to the foregoing embodiments, the steps of isolating the memory of the target virtual machine from the untrusted virtualization execution environment by using the security isolated execution environment and using the dynamic memory marking and tracking policy, and implementing mutual isolation between the target virtual machine and the other virtual machines specifically include: marking the extended page table by binding the extended page table and the target virtual machine, and marking and tracking the dynamic memory; and setting a shared page interface to process the shared page problem and carry out potential multi-mapping and remapping attack protection during virtual machine address mapping.
It will be appreciated that embodiments of the invention first perform extended page table marking. The extended page table is the EPT. Each VM has exactly one corresponding EPT, and to prevent an attacker from scheduling a malicious EPT, the EPT and the VM are bound in the system and a VM-Mark table is created. Table 1 shows an example virtual machine marking table according to an embodiment of the present invention.
TABLE 1 Virtual machine marking example table according to an embodiment of the present invention
Mark | VMID | EPTID
Description | Virtual machine identification | Identification of EPT
Dynamic memory marking and tracking comes next. The dynamic memory marking module marks each physical memory page using a Page-Mark table. Table 2 shows an example page marking table according to the embodiment of the present invention; it contains the page frame number of the physical page itself, an owner ID (which determines whether the page belongs to a virtual machine or to the virtual machine monitor), a used mark, and a shared page mark. With the balloon mechanism in the KVM system, physical memory is released dynamically, so the configuration information of a physical memory page (OwnerID, UsedID, SharedID) must also be updated dynamically.
TABLE 2 Page marking example table according to an embodiment of the present invention
Mark | Page frame | OwnerID | UsedID | SharedID
Description | Page frame number | Owner ID | Used mark | Shared page mark
When the EPT is updated, the physical page tracking module first checks whether the physical page to be mapped has already been allocated. If it has been allocated and does not belong to the virtual machine, the EPT update fails; otherwise the allocation proceeds, and the physical memory is marked and recorded in the Page-Mark table. When a physical page is released, its mark and its contents are cleared so that no information can leak.
Then the shared page interface is set up. When the shared page function of the system is turned on, one physical memory page may have several owners; the shared page interface is provided to handle this case. During the system's shared page mapping, the function ksm_page() checks whether the required page is to be shared, execution then jumps to the isolated address space, the page is set as a shared page, OwnerID is increased, and the rest of the shared page mapping is completed.
Finally, multiple-mapping protection is applied, that is, protection against the multi-mapping and remapping attacks that can occur during virtual machine address mapping. The page mapping process must be checked while it runs. To prevent page multi-mapping, when the EPT is updated (the function tdp_page_fault), it is checked whether the physical page to be mapped is already mapped. If it is not, it can be mapped directly. Otherwise the owner of the physical page is checked: if the owner does not match, the mapping fails; otherwise the mapping succeeds.
Optionally, according to the foregoing embodiments, the step of monitoring context switching of the target virtual machine and address mapping of the target virtual machine specifically includes: and in the isolated address space, monitoring context switching and virtual machine address mapping of a target virtual machine and a virtual machine monitor by adopting a VMCS structural body and an extended page table key data structure hiding strategy. And the exit function processing of the target virtual machine is completed through the exit redirection strategy.
The embodiment of the invention monitors the virtual machine in two main parts: secure switching of the virtual machine and host contexts, and redirection of virtual machine exits. The switch between the virtual machine context and the host context is executed in the isolated address space, and the context is stored in the key data structure, the VMCS structure. The aim is to protect the key data of the virtual machine and the host at run time, including their privileged registers, next instruction addresses, EPT addresses and so on. This prevents sensitive information leakage, malicious page table loading, control flow attacks and the like.
The secure context switch between the virtual machine and the host runs in the isolated address space. Its main purpose is to protect the key data structures of the virtual machine and the host at run time (the VMCS structure and the EPT page table), which include the privileged registers (CR0, CR3 and CR4) of the virtual machine and the host, the next instruction address and the EPT address. This prevents sensitive information leakage, malicious page table loading, control flow attacks and the like.
The VMCS structure is protected mainly by not leaking its address; in addition, the functions that access the VMCS must run in the isolated address space, including VMCS_readl, VMCS_write and VMCS_clear. The EPT page table is protected by running the functions that access the EPT address in the isolated address space, including kvm_mmu_load, mmu_free_roots and mmu_step_walk.
For virtual machine exit redirection, monitoring context switching in the isolated execution environment needs a point in time at which to take place, and virtual machine exit is chosen as that point. The process runs in the isolated address space; its main purpose is to protect the context switch between the virtual machine and the host, whose context involves the important VMCS structure.
Optionally, according to the foregoing embodiments, when the virtualization layer is no longer trusted, the step of performing security protection on the isolated address space specifically includes: by monitoring the legitimacy of privileged register access events, page table accesses, and DMA mapping functions, security protection operations for the isolated address space are determined.
It will be appreciated that the security of the isolated address space according to the embodiments described above is primarily based on three aspects, namely monitoring privileged register operation events, page table access control, and DMA attack protection.
The monitored events include the page table update function (do_page_fault), write_cr3, set_pt, set_pmd, set_pud, set_pgd, set_cr0 and set_cr4. Monitoring them ensures that the system cannot load a malicious page table at will or arbitrarily change the virtual-to-physical address mappings in the system page tables; mapping of the virtual and physical addresses of the isolated space is forbidden, setting the CR0 register to turn off the DEP mechanism is forbidden, and setting the CR4 register to turn off the SMEP mechanism is forbidden.
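The switching gate sequence and the monitored-event checks described above, modelled in user-space C as an added example (not code from the patent). The CPU is a plain struct, the page-table roots and the isolated physical range are constructed values, all function names are assumptions, and only write_cr3, set_cr4 and page table updates are modelled.

```c
/* Added illustration: model of the switching gate and three monitored-event checks.
 * The CPU is a plain struct; all names, roots and address ranges are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CR4_SMEP   (1ull << 20)  /* SMEP enable bit in CR4 */
#define ORIG_ROOT  0x1000ull     /* constructed: page-table root of the original space */
#define ISO_ROOT   0x2000ull     /* constructed: root of the isolated space, gate-private */
#define ISO_START  0x100000ull   /* constructed: physical range that holds the isolated */
#define ISO_END    0x200000ull   /* space's code and data */

struct cpu {
    uint64_t cr3, cr4;
    int irq_enabled;
    unsigned tlb_flushes;
};

enum event { EV_WRITE_CR3, EV_SET_CR4, EV_SET_PTE };
struct request {
    enum event ev;
    uint64_t value;  /* new CR3 or CR4 value, or target physical address for EV_SET_PTE */
};

/* Page-table roots the monitor has validated (constructed). ISO_ROOT is not listed,
 * so the original space can never ask to have it loaded. */
static const uint64_t known_roots[] = { ORIG_ROOT, 0x3000ull, 0x4000ull };

static int root_is_known(uint64_t root)
{
    for (size_t i = 0; i < sizeof known_roots / sizeof known_roots[0]; i++)
        if (known_roots[i] == root)
            return 1;
    return 0;
}

/* Runs only while CR3 points at the isolated root. Returns 0 to allow, -1 to deny. */
static int handle_event(struct cpu *c, const struct request *r, uint64_t *exit_root)
{
    if (c->cr3 != ISO_ROOT || c->irq_enabled)
        return -1;                       /* reached without passing the gate */
    switch (r->ev) {
    case EV_WRITE_CR3:                   /* no arbitrary page table may be loaded */
        if (!root_is_known(r->value))
            return -1;
        *exit_root = r->value;
        return 0;
    case EV_SET_CR4:                     /* SMEP must stay enabled */
        if (!(r->value & CR4_SMEP))
            return -1;
        c->cr4 = r->value;
        return 0;
    case EV_SET_PTE:                     /* isolated memory is never mapped outside */
        return (r->value >= ISO_START && r->value < ISO_END) ? -1 : 0;
    }
    return -1;
}

/* Entry gate, monitored event, exit gate, in the order the text lists. */
int gate_run(struct cpu *c, const struct request *r)
{
    struct cpu saved = *c;               /* save the context */
    uint64_t exit_root = saved.cr3;

    c->irq_enabled = 0;                  /* interrupts off: the switch is atomic */
    c->cr3 = ISO_ROOT;                   /* enter the isolated address space */
    c->tlb_flushes++;                    /* drop stale original-space translations */

    int rc = handle_event(c, r, &exit_root);

    c->tlb_flushes++;                    /* drop isolated-space translations */
    c->cr3 = exit_root;                  /* leave: ISO_ROOT never stays in CR3 */
    c->irq_enabled = saved.irq_enabled;  /* interrupts back to the saved state */
    return rc;
}

int main(void)
{
    struct cpu c = { ORIG_ROOT, CR4_SMEP, 1, 0 };
    struct request clear_smep = { EV_SET_CR4, 0 };
    struct request map_iso = { EV_SET_PTE, 0x150000ull };
    printf("clear SMEP: %d\n", gate_run(&c, &clear_smep));
    printf("map isolated page: %d\n", gate_run(&c, &map_iso));
    return 0;
}
```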
Page table access control means that while the original system address space is in use, the data segment and the code segment of the isolated address space are not mapped in the original space, and while the isolated address space is in use, the code segment of the original system address space cannot be executed, which prevents tampering with what runs in the isolated space. Fig. 3 is a schematic diagram of the page table access control implementation process in a method for implementing security isolation of a virtual machine according to an embodiment of the present invention; the process includes:
S301, the original system space page table provides the address space layout of the system, the access permission of each module and whether the module is mapped; the addresses of the isolated space are not mapped, which achieves the isolation;
S302, the environment switching gate consists of 3 parts, namely an entry gate, a shared buffer and an exit gate, where the entry gate implements the secure switch between the two address spaces and ensures the atomicity and security of the switch;
S303, in the page table of the isolated space, that is, the page table of the secure execution environment, the original system code segment has only the R (read-only) attribute, and the addresses of the isolated space code segment and data segment have virtual-to-physical address mappings.
DMA attack protection addresses the case where an attacker uses DMA to directly access physical addresses that contain sensitive data. The DMA mapping function is monitored and the legitimacy of each mapped physical address is checked; a mapping that is not legitimate fails, which protects those physical addresses.
Optionally, according to the foregoing embodiments, the step of protecting against potential multi-mapping attacks during virtual machine address mapping specifically includes: monitoring updates of the extended page table, and judging both whether the update is legal and whether the internal content of the extended page table has changed; if so, further judging whether the physical page is already in use, and if it is, checking its use record mark by querying the page table mark table corresponding to the physical page; then judging, based on the use record mark of the physical page, whether the owner marks match, and if they do not, not performing the mapping.
The embodiment of the present invention protects against multiple mappings that may occur when virtual machine addresses are mapped. The specific process is shown in Fig. 4, a schematic flow diagram of page table multiple-mapping protection in the method for implementing virtual machine security isolation provided by the embodiment of the present invention. The process includes:
S401, monitoring EPT updates: on one hand whether the EPT is legal, and on the other hand whether the internal content of the EPT has changed;
S402, judging the EPT update: once the EPT is updated, judging whether the loaded EPT is the original EPT and whether the change to the EPT (the address mapping) is legal;
S403, judging whether the physical page is in use: checking the page table mark table corresponding to the physical page and its use record mark UsedID;
S404, for a physical page that is in use, judging whether the owner marks are the same, the owner being either a VM or the Hypervisor, and deciding whether to map according to the consistency of the owner.
In addition, page remapping must be prevented, i.e., a freed page whose contents have not been cleared being remapped by another virtual machine, which leaks data. The safeguard is that when a page is released, the system sets it as a free page and clears the information on it, so that information leakage is prevented. Fig. 5 shows the specific process of page table remapping protection in the method for implementing virtual machine security isolation according to an embodiment of the present invention. The process includes:
S501, monitoring page release: continuously monitoring the page-release functions of the original system;
S502, judging the page release: judging whether a page is being released and handling each case differently; if not, monitoring continues, and if so, the next step is performed;
S503, page processing: clearing the page content and releasing the page.
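The multiple-mapping check (S401 to S404) and the clear-on-release rule (S501 to S503) can be modelled in user space. The following C model is an added example, not code from the patent; the table layout, function names, owner IDs, page sizes and EPT root values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPAGES           8    /* constructed: tiny physical memory */
#define PAGE_SIZE        64   /* constructed: small pages keep the model readable */
#define OWNER_NONE       0u
#define OWNER_HYPERVISOR 1u   /* assumption: owner IDs >= 2 denote virtual machines */

enum map_result { MAP_OK = 0, MAP_DENY_RANGE, MAP_DENY_BAD_EPT, MAP_DENY_OWNER };

/* One entry of the page mark table: use record (UsedID) plus owner mark. */
struct page_tag {
    uint8_t  used;    /* UsedID: 1 while the page is mapped by some owner */
    uint32_t owner;   /* OWNER_HYPERVISOR or a VM id */
};

/* Binding between a VM and the EPT created for it (hypothetical layout). */
struct vm {
    uint32_t id;
    uint64_t ept_root;
};

static uint8_t phys_mem[NPAGES][PAGE_SIZE];

/* Page 0 is constructed as hypervisor-owned from the start. */
static struct page_tag tag_table[NPAGES] = {
    [0] = { 1, OWNER_HYPERVISOR }
};

/* Constructed sample VMs with distinct EPT roots. */
const struct vm vm_a = { 2u, 0x1000u };
const struct vm vm_b = { 3u, 0x2000u };

/* S401-S404: validate an EPT update that would map physical page pfn. */
enum map_result ept_update_check(const struct vm *vm, uint64_t loaded_ept,
                                 unsigned pfn)
{
    if (pfn >= NPAGES)
        return MAP_DENY_RANGE;
    /* S402: the EPT being changed must be the one bound to this VM. */
    if (loaded_ept != vm->ept_root)
        return MAP_DENY_BAD_EPT;
    /* S403: look up the use record for the physical page. */
    struct page_tag *t = &tag_table[pfn];
    if (!t->used) {               /* first use: record the owner */
        t->used = 1;
        t->owner = vm->id;
        return MAP_OK;
    }
    /* S404: a page already in use may only be mapped by its owner. */
    return t->owner == vm->id ? MAP_OK : MAP_DENY_OWNER;
}

/* Guest write through an existing mapping; refused for non-owners. */
int guest_write(const struct vm *vm, unsigned pfn, const char *data)
{
    if (pfn >= NPAGES || !tag_table[pfn].used || tag_table[pfn].owner != vm->id)
        return -1;
    size_t n = strlen(data);
    if (n > PAGE_SIZE)
        n = PAGE_SIZE;
    memcpy(phys_mem[pfn], data, n);
    return 0;
}

/* S501-S503: clear the page content before the page becomes free.
 * Assumption of this model: only the recorded owner may release a page. */
int page_release(uint32_t owner, unsigned pfn)
{
    if (pfn >= NPAGES)
        return -1;
    struct page_tag *t = &tag_table[pfn];
    if (!t->used || t->owner != owner)
        return -1;
    memset(phys_mem[pfn], 0, PAGE_SIZE);   /* clear first, then mark free */
    t->used = 0;
    t->owner = OWNER_NONE;
    return 0;
}

/* Returns 1 when every byte of the page is zero, 0 otherwise. */
int page_is_clear(unsigned pfn)
{
    if (pfn >= NPAGES)
        return 0;
    for (unsigned i = 0; i < PAGE_SIZE; i++)
        if (phys_mem[pfn][i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    printf("A maps page 1:            %d\n", ept_update_check(&vm_a, vm_a.ept_root, 1));
    guest_write(&vm_a, 1, "tenant A secret");
    printf("B maps page 1 (in use):   %d\n", ept_update_check(&vm_b, vm_b.ept_root, 1));
    printf("A maps hypervisor page 0: %d\n", ept_update_check(&vm_a, vm_a.ept_root, 0));
    page_release(vm_a.id, 1);
    printf("page 1 clear after free:  %d\n", page_is_clear(1));
    printf("B maps page 1 (freed):    %d\n", ept_update_check(&vm_b, vm_b.ept_root, 1));
    return 0;
}
```
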
Optionally, according to the foregoing embodiments, the step of monitoring context switching of the target virtual machine by monitoring exit of the target virtual machine specifically includes: if the exit event of the target virtual machine is monitored, jumping to an isolated address space, and safely performing context switching through hardware execution in the isolated address space; performing read-write operation on the VMCS structure in the isolated address space, and jumping to the original system environment after the read-write operation is completed; and performing exit event processing of the target virtual machine.
Specifically, the virtual machine exit redirection process in the embodiment of the present invention is shown in Fig. 6, a schematic flow diagram of virtual machine exit redirection in the method for implementing virtual machine security isolation. The process includes:
S601, intercepting the virtual machine exit event, i.e., the function handle_exit;
S602, jumping to the secure isolated address space, i.e., the environment switch address_sapce_switch_into;
S603, performing the context switch securely, executed by hardware;
S604, performing read-write operations on the VMCS structure, these operations running in the isolated execution space;
S605, jumping back to the original system environment, i.e., the function address_sapce_switch_out;
S606, performing virtual machine exit event processing.
To further illustrate the technical solutions of the embodiments of the present invention, the embodiments of the present invention provide the following processing flows of the embodiments according to the above embodiments, but do not limit the scope of the embodiments of the present invention.
Virtual machine isolation is the goal of the overall system implementation. Protection against leakage of sensitive data is mainly achieved by marking memory pages, binding each virtual machine to its corresponding EPT and a shared mark, handling the shared-page problem, applying multiple-mapping protection during virtual machine address mapping, and ensuring isolation between the virtual machines and the virtual machine monitor.
Fig. 7 is a flowchart illustrating a method for implementing virtual machine security isolation according to another embodiment of the present invention, where as shown in fig. 7, the processing procedure includes:
S701, address space isolation: after the whole operating system has started securely, it is divided into two regional environments, namely an original execution environment and an isolated execution environment;
S702, event monitoring: the system monitors key events in the system;
S703, environment switch (entry): when a monitored key event occurs, execution runs in the isolated address space;
S704, EPT creation: the system judges whether the key event is an EPT creation; if so, the VM and the EPT are bound, and if not, judging continues;
S705, EPT loading: judging whether the event is an EPT load, and deciding whether to load the EPT according to the consistency of the EPT;
S706, EPT update: judging whether the event is an EPT update, and performing the update operation according to whether the physical page is in use;
S707, EPT traversal: judging whether the event is an EPT traversal; if so, the traversal is performed, and if not, judging continues;
S708, EPT destruction: judging whether the event is an EPT destruction; if so, destruction processing is performed, and if not, judging continues;
S709, physical page release: judging whether a physical page is released; if so, remapping processing is performed and the page contents are cleared, otherwise judging continues;
S710, context switch: judging whether the VMCS context environment is switched, and if so, performing exit redirection and context switch processing;
S711, environment switch (return): after all monitored events are processed, switching back to the original system running environment.
In summary, compared with the prior art, the embodiment of the invention has the following advantages: it realizes high-strength memory isolation of the virtual machine and prevents leakage of user sensitive data; it resists leakage of user sensitive information caused by cross-domain attacks and virtual machine escape attacks; it makes up for the shortcoming that SGX in Intel processors on x86 systems can only protect applications, providing protection for the whole virtual machine and adapting to various CPU versions; and its system performance cost is low, its portability is strong, and it requires few changes to the original system.
As another aspect of the embodiments of the present invention, according to the above embodiments, the embodiments of the present invention provide an apparatus for implementing virtual machine security isolation, where the apparatus is used to implement virtual machine security isolation in the above embodiments. Therefore, the description and definition in the method for implementing virtual machine security isolation in the embodiments above may be used for understanding each execution module in the embodiments of the present invention, and reference may be specifically made to the embodiments above, which are not described herein again.
According to an embodiment of the present invention, the structure of a device for implementing virtual machine security isolation is shown in Fig. 8, a schematic structural diagram of the device for implementing virtual machine security isolation provided in the embodiment of the present invention. The device may be used to implement virtual machine security isolation in the above-mentioned method embodiments, and includes: address space isolation module 801, virtual machine isolation module 802, and virtual machine monitor module 803. Wherein:
the address space isolation module 801 is configured to create a secure isolated execution environment in the virtualization layer by using a same-layer address space isolation mechanism; the virtual machine isolation module 802 is configured to isolate the memory of the target virtual machine from an untrusted virtualization execution environment by using a security-isolated execution environment and using a dynamic memory tag and a tracking policy, and to implement mutual isolation between the target virtual machine and the other virtual machines; the virtual machine monitoring module 803 is configured to monitor context security switching of the target virtual machine and address mapping of the target virtual machine in a security isolated execution environment by using a VMCS structure, an extended page table key data structure hiding policy, and a virtual machine exit redirection policy.
Specifically, to address the security and performance issues of the securely isolated execution environment, the address space isolation module 801 creates a securely isolated execution environment in the virtualization layer to provide an execution environment for virtual machine isolation and virtual machine monitoring. That is to say, the address space isolation module 801 creates a security isolation address space with the same authority level as the virtual machine monitor, i.e., a same-layer address space isolation mechanism, which reduces the performance overhead of environment switching and can resist external DMA attacks that corrupt the system as well as control-flow hijacking attacks.
Then, the virtual machine isolation module 802 isolates the virtual machine from the untrusted virtualization execution environment, that is, from the untrusted virtual machine monitor, and isolates the virtual machines from each other, so as to prevent the user sensitive data on the virtual machine from being maliciously accessed by the untrusted virtual machine or the virtual machine monitor. Particularly, a dynamic memory marking and tracking method and a physical address multiple mapping protection method can be adopted to realize high-strength isolation of the physical memory of the virtual machine.
Finally, the virtual machine monitoring module 803 monitors virtual machine and host context switching and the virtual machine address mapping process in the security isolated execution environment. This involves methods based on the VMCS structure and the EPT structure, which can resist control-flow attacks, prevent multiple mapping of physical addresses, and avoid leakage of user sensitive data. Specifically, the secure context switching process of the virtual machine is monitored: each physical core can run only one system at a time, either the virtual machine or the virtual machine monitor, and the context of the switch between the two systems is stored in the VMCS structure. The secure context switch is completed in the security isolated execution environment, which prevents key system information from being accessed maliciously.
Further, as shown in Fig. 8, the address space isolation module 801 may further include 3 sub-modules: an isolated address space creation module, a security switch gate creation module, and an isolated address space security protection module. The virtual machine isolation module 802 may further include 4 sub-modules: a memory dynamic tag and tracking module, an Extended Page Table (EPT) tag module, a shared page interface setting module, and a multiple mapping protection module. The virtual machine monitoring module 803 may further include 2 sub-modules: a virtual machine and host context security switching module, and a virtual machine exit redirection module.
According to the device for realizing the safety isolation of the virtual machine, provided by the embodiment of the invention, the corresponding execution module is arranged, and a same-layer address space isolation mechanism is adopted, so that the high-strength memory isolation is carried out on the virtual machine in the non-trusted virtualized execution environment, the performance overhead of a system can be effectively ensured, the memory of the virtual machine is comprehensively isolated, and the safety of the system is improved.
It is understood that, in the embodiment of the present invention, each relevant program module in the apparatus of each of the above embodiments may be implemented by a hardware processor (hardware processor). Moreover, the apparatus for implementing virtual machine security isolation according to the embodiments of the present invention can implement the process of implementing virtual machine security isolation according to the above-mentioned method embodiments by using the above-mentioned program modules, and when the apparatus is used for implementing virtual machine security isolation according to the above-mentioned method embodiments, the beneficial effects produced by the apparatus according to the embodiments of the present invention are the same as those of the corresponding above-mentioned method embodiments, and reference may be made to the above-mentioned method embodiments, and details thereof are not described here.
The method of the embodiments of the present invention may be implemented by program instructions, which may be implemented in the form of software functional units and stored in a computer-readable storage medium when sold or used as a stand-alone product. Alternatively, all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, where the program may be stored in a computer-readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Embodiments of the present invention also provide a non-transitory computer-readable storage medium according to the above embodiments, where the non-transitory computer-readable storage medium stores computer instructions, where the computer instructions cause a computer to perform the method for implementing virtual machine security isolation according to the above embodiments, for example, the method includes: establishing a safe isolated execution environment in a virtualization layer by adopting a same-layer address space isolation mechanism; by utilizing a security isolated execution environment and adopting a dynamic memory marking and tracking strategy, isolating the memory of the target virtual machine from an untrusted virtualized execution environment, and realizing mutual isolation between the target virtual machine and the rest virtual machines; and monitoring context switching of the target virtual machine, address mapping of the target virtual machine and the like in a security isolated execution environment by utilizing a VMCS structural body, an extended page table key data structure hiding strategy and a virtual machine exit redirection strategy.
The non-transitory computer readable storage medium provided in the embodiments of the present invention performs high-strength memory isolation on a virtual machine in an untrusted virtualized execution environment by executing the method for implementing virtual machine security isolation described in each of the above embodiments and using a same-layer address space isolation mechanism, so that system performance overhead can be effectively guaranteed, a virtual machine memory can be comprehensively isolated, and system security can be improved.
It will be appreciated that the above described embodiments of the apparatus and storage medium are merely illustrative, wherein elements illustrated as separate components may or may not be physically separate, may be located in one place, or may be distributed over different network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. Based on such understanding, the technical solutions mentioned above may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a usb disk, a removable hard disk, a ROM, a RAM, a magnetic or optical disk, etc., and includes several instructions for causing a computer device (such as a personal computer, a server, or a network device, etc.) to execute the methods described in the method embodiments or some parts of the method embodiments.
In addition, it should be understood by those skilled in the art that in the specification of the embodiments of the present invention, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In the description of the embodiments of the invention, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description. Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects.
However, the disclosed method should not be interpreted as reflecting an intention that: that is, the claimed embodiments of the invention require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of an embodiment of this invention.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the embodiments of the present invention, and not to limit the same; although embodiments of the present invention have been described in detail with reference to the foregoing embodiments, it should be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. A method for realizing security isolation of a virtual machine is characterized by comprising the following steps:
establishing a safe isolated execution environment in a virtualization layer by adopting a same-layer address space isolation mechanism;
isolating the memory of the target virtual machine from the non-trusted virtualization execution environment by using the safely isolated execution environment and adopting a dynamic memory marking and tracking strategy, and realizing the mutual isolation between the target virtual machine and the rest virtual machines;
monitoring context switching of the target virtual machine and address mapping of the target virtual machine in the security isolated execution environment by using a VMCS structural body, an extended page table key data structure hiding and a virtual machine exit redirection strategy;
the same-layer address space isolation mechanism is used for creating a security isolation address space with the same authority level as the virtual machine monitor.
2. The method according to claim 1, wherein the step of creating a secure isolated execution environment in the virtualization layer using a same-layer address space isolation mechanism specifically comprises:
establishing a running isolation space framework with the same privilege level as the virtualization layer by adopting a same-layer address space isolation mechanism to obtain an isolated address space;
creating a secure switch gate between the securely isolated execution environment and an original virtualized execution environment when a monitored event occurs in an address space to hide an entry address of the isolated address space to prevent a security of the secure switch gate from being breached;
when the virtualization layer is no longer trusted, the isolated address space is secured to prevent breach of security of the isolated address space.
3. The method according to claim 1, wherein the step of isolating the memory of the target virtual machine from the untrusted virtualization execution environment by using the securely isolated execution environment and using a dynamic memory tagging and tracking policy, and implementing the mutual isolation between the target virtual machine and the other virtual machines specifically comprises:
marking the extended page table by binding the extended page table and the target virtual machine, and marking and tracking the dynamic memory;
and setting a shared page interface to process the shared page problem and carry out potential multi-mapping and remapping attack protection during virtual machine address mapping.
4. The method according to claim 2, wherein the step of monitoring context switching of the target virtual machine and address mapping of the target virtual machine specifically comprises:
in the isolated address space, monitoring context switching and virtual machine address mapping of the target virtual machine and the virtual machine monitor by adopting a VMCS structural body and an extended page table key data structure hiding strategy;
and in the isolated address space, finishing exit function processing of the target virtual machine through an exit redirection strategy.
5. The method according to claim 2, wherein the step of securing the isolated address space when the virtualization layer is no longer trusted specifically comprises:
the security protection operations for the isolated address space are determined by monitoring the legitimacy of privileged register access events, page table accesses, and DMA mapping functions.
6. The method according to claim 3, wherein the step of protecting against potential multi-mapping attacks during virtual machine address mapping specifically comprises:
monitoring the updating of the extended page table, and respectively judging whether the updating of the extended page table is legal or not and whether the internal content of the extended page table is changed or not;
if the judgment result is yes, further judging whether the physical page is used, and if the judgment result is yes, checking a use record mark by inquiring a page table mark table corresponding to the physical page;
and judging whether the owner marks are consistent or not based on the use record marks of the physical pages, and if not, not mapping.
7. The method according to claim 4, wherein the step of monitoring the context switch of the target virtual machine by monitoring the exit of the target virtual machine specifically comprises:
if the exit event of the target virtual machine is monitored, jumping to the isolated address space, and safely performing context switching through hardware execution in the isolated address space;
performing read-write operation on the VMCS structure in the isolated address space, and jumping to the original system environment after the read-write operation is completed;
and processing the exit event of the target virtual machine.
8. An apparatus for implementing virtual machine security isolation, comprising:
the address space isolation module is used for establishing a safe isolated execution environment in the virtualization layer by adopting a same-layer address space isolation mechanism;
the virtual machine isolation module is used for isolating the memory of the target virtual machine from an untrusted virtualization execution environment by utilizing the safely isolated execution environment and adopting a memory dynamic marking and tracking strategy, and realizing the mutual isolation between the target virtual machine and the other virtual machines;
a virtual machine monitoring module, configured to monitor context security switching of the target virtual machine and address mapping of the target virtual machine in the security-isolated execution environment by using a VMCS structural body, an extended page table key data structure hiding policy, and a virtual machine exit redirection policy;
the same-layer address space isolation mechanism is used for creating a security isolation address space with the same authority level as the virtual machine monitor.
9. A non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the method of any one of claims 1-7.
CN201811600201.XA 2018-12-26 2018-12-26 Method and device for realizing safety isolation of virtual machine Active CN109858288B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811600201.XA CN109858288B (en) 2018-12-26 2018-12-26 Method and device for realizing safety isolation of virtual machine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811600201.XA CN109858288B (en) 2018-12-26 2018-12-26 Method and device for realizing safety isolation of virtual machine

Publications (2)

Publication Number Publication Date
CN109858288A CN109858288A (en) 2019-06-07
CN109858288B true CN109858288B (en) 2021-04-13

Family

ID=66892293

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811600201.XA Active CN109858288B (en) 2018-12-26 2018-12-26 Method and device for realizing safety isolation of virtual machine

Country Status (1)

Country Link
CN (1) CN109858288B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant